Why do I get “Error from server (Forbidden)” in vSphere with Tanzu

I’ve seen a number of queries around the behaviour of vSphere with Tanzu when it comes to query Kubernetes objects on the Supervisor Cluster. More of than not, it is question when a user get an error similar to the following: Error from server (Forbidden): wcpnamespaces.appplatform.wcp.vmware.com is forbidden: \ User “sso:Administrator@vsphere.local” cannot list resource “wcpnamespaces” in API group \ “appplatform.wcp.vmware.com” in the namespace “cormac-ns” The reason for these errors is because the Supervisor Cluster is not treated as a general purpose Kubernetes cluster. The predominant role of the Supervisor Cluster is to provide services, such as the TKG Service for…

VMware Explore 2022: What’s new in vSphere 8 & vSAN 8

VMware Explore 2022 kicked off this week. There are of course many announcements taking place across the whole suite of VMware products. In this post, I will focus primarily on the announcements related to the products that I work with on a regular basis. Those products are vSphere 8, vSphere Tanzu Standard (vSphere with Tanzu), and vSAN 8. vSphere 8 In the vSphere 8 space, the most significant announcement in my opinion is the fact that we are delivering on Project Monterey. We got our first technical preview of Project Monterey back in 2020 by the VMware CTO, Kit Colbert.…

NSX ALB v22.1.1 – New Setup Steps

Many readers with an interest in Kubernetes, and particularly Tanzu, will be well aware that there is no embedded Load Balancer service provider available in vSphere. Instead, the Load Balancer service needs to be provided through an external source. VMware supports a number of different mechanisms to provide such a service for Tanzu. One of the more popular providers is the NSX Advanced Load Balancer, formerly Avi Vantage. In the most recent release, version 22.1.1, some of the setup steps have changed significantly. In this post, I will highlight the setup of the new NSX ALB. Important: NSX ALB v22.1.1…

A closer look at vSphere+ and vSAN+

At this stage, I guess that most readers will already be aware of the recent announcement around vSphere+ and vSAN+. I’m sure many readers are also aware that VMware is on a multi-cloud journey, with a goal of offering the benefits of cloud to on-premises vSphere deployments. vSphere+ and vSAN+ are some of the first steps we are taking at VMware to make this goal a reality. So what advantages does vSphere+ and vSAN+ give to customers? In this post, I will attempt to highlight some of those benefits. Centralized Management First and foremost, vSphere+ offers a new mechanism for…

New book: Kubernetes for vSphere Administrators now available

I’m delighted to report that my new book, Kubernetes for vSphere Administrators, is now available. It is available in both paper form and as a Kindle eBook. Links to both are provided below. The links above direct you to Amazon.com. However the book is available in other Amazon marketplaces as well. (If you can’t see the text+images above, this is a link to the paper book and this is a link to the eBook.) I hope readers of this book find it useful. I would be delighted to receive feedback and reviews on the content.

New book: Kubernetes for vSphere Administrators (coming soon)

Last year, I wrote a post about my 16 years at VMware. As part of that milestone, VMware has kindly granted me 4 weeks of respite. I’m not one for sitting on a beach for hours on end. Apart from some jobs around the house (that I have been putting off for far too long), and some short breaks, I wanted to use this time to finish a long-term project that I have been working on. The project is a new book called Kubernetes for vSphere Administrators. I thought I’d give you all a quick look at the cover and…

Prometheus & Grafana Monitoring Stack on TKGS workload cluster in vSphere with Tanzu

In this post, we are going to build on the work already done when we deployed Carvel packages on a Tanzu Kubernetes workload cluster created by the TKG Service in vSphere with Tanzu. We saw in that post what the requirements are, how to use the tanzu command line to set context to a workload cluster, add the TKG v1.4 package repository. We also saw how to use the tanzu CLI to deploy our first package, which was cert manager. We will now continue with the deployment of a number of other packages, such as Contour (for Ingress), External-DNS (to…